Monday, December 16, 2024
HomeCiscoAuthorities Warned that Hackers Are Exploiting Flaws in CISCO ASA VPNs

Authorities Warned that Hackers Are Exploiting Flaws in CISCO ASA VPNs

Published on

SIEM as a Service

In a joint advisory released by cybersecurity agencies across Canada, Australia, and the United Kingdom, IT professionals and managers in government and critical sectors are alerted to sophisticated cyber-attacks targeting CISCO ASA VPN devices.

Background on the Cyber Threat

The Canadian Centre for Cyber Security and its international counterparts have been monitoring a series of cyber-attacks since early 2024.

These incidents have primarily affected CISCO ASA devices, specifically the ASA55xx series running firmware versions 9.12 and 9.14.

- Advertisement - SIEM as a Service

The attacks believed to be espionage efforts by a state-sponsored actor, have not shown signs of prepositioning for a disruptive or destructive network attack.

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide

However, the level of sophistication observed is a cause for concern.

CVE Details and Impact

CVE-2024-20359

The first vulnerability identified is CVE-2024-20359, allowing persistent local code execution.

This flaw enables attackers to maintain a presence on the affected device even after it has been rebooted.

CVE-2024-20353

The second vulnerability, CVE-2024-20353, can lead to a denial of service within the Cisco Adaptive Security Appliance and Firepower Threat Defense Software’s web services.

This vulnerability could be exploited to disrupt operations and deny access to network resources.

Malicious actors have exploited both vulnerabilities to gain unauthorized access through WebVPN sessions, often associated with Clientless SSLVPN services.

The agencies have not disclosed any specific hacker groups involved, but the capabilities point to a well-resourced and sophisticated actor.

Exploiting these vulnerabilities poses a significant risk to organizations that rely on the affected CISCO ASA VPN devices.

Unauthorized access to these devices can lead to data breaches, espionage, and potentially a foothold for future attacks against critical infrastructure.

Mitigation Strategies

In response to these threats, the advisory encourages organizations to:

  • Review logs for unknown, unexpected, or unauthorized device access or changes.
  • Update affected devices to the latest firmware versions as soon as possible.
  • Visit the Cisco Security Advisories portal and the Cisco Talos Blog for additional information and guidance on mitigation.
  • Implement network segmentation and access control lists to limit the traffic allowed to and from the affected devices.
  • Employ multi-factor authentication to access VPNs and reduce the risk of unauthorized access.

The alert serves as a reminder of the ever-present cyber threats facing organizations and the importance of maintaining robust cybersecurity practices.

As the situation develops, further updates and recommendations are expected to be issued by the involved cybersecurity agencies.

Update: Cisco has released updates for Zero Day vulnerabilities; more details can be found here.

Combat Email Threats with Easy-to-Launch Phishing Simulations: Email Security Awareness Training -> Try Free Demo 

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Hackers Weaponizing Microsoft Teams to Gain Remote Access

Recent cybersecurity research has uncovered a concerning trend where hackers are exploiting Microsoft Teams...

“Password Era is Ending,” Microsoft to Delete 1 Billion Passwords

Microsoft has announced that it is currently blocking an astounding 7,000 password attacks every...

Over 300,000 Prometheus Servers Vulnerable to DoS Attacks Due to RepoJacking Exploit

The research identified vulnerabilities in Prometheus, including information disclosure from exposed servers, DoS risks...

Reyee OS IoT Devices Compromised: Over-The-Air Attack Bypasses Wi-Fi Logins

Researchers discovered multiple vulnerabilities in Ruijie Networks' cloud-connected devices. By exploiting these vulnerabilities, attackers...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Hackers Weaponizing Microsoft Teams to Gain Remote Access

Recent cybersecurity research has uncovered a concerning trend where hackers are exploiting Microsoft Teams...

“Password Era is Ending,” Microsoft to Delete 1 Billion Passwords

Microsoft has announced that it is currently blocking an astounding 7,000 password attacks every...

Over 300,000 Prometheus Servers Vulnerable to DoS Attacks Due to RepoJacking Exploit

The research identified vulnerabilities in Prometheus, including information disclosure from exposed servers, DoS risks...